By Topic

Contract-Based Security Monitors for Service Oriented Software Architecture

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
Hoole, A.M. ; Dept. of Electr. & Comput. Eng., Univ. of Victoria, Victoria, BC ; Traore, I.

Monitors have been used for real-time systems to ensure proper behavior; however, most approaches do not allow for the addition of relevant fields required to identify and react to security vulnerabilities. Contracts can provide a useful mechanism for identifying and tracking vulnerabilities. Currently, contracts have been proposed for reliability and formal verification; yet, their use in security is limited. Static analysis methods are able to identify many known vulnerabilities; however, they suffer from a high rate of false-positives. The creation of a mechanism that can verify identified vulnerabilities is therefore warranted. We propose a contract-based security assertion monitoring framework (CB SAMF) for reducing the number of security vulnerabilities that are exploitable. CB SAMF will span multiple software layers and be used in an enhanced systems development life cycle (SDLC) including service-oriented analysis and design (SOAD).

Published in:

Asia-Pacific Services Computing Conference, 2008. APSCC '08. IEEE

Date of Conference:

9-12 Dec. 2008